tag:blogger.com,1999:blog-33242194251147061.post4437826754208217562..comments2018-05-23T08:44:07.108-05:00Comments on RaiderSec: How Browsers Store Your Passwords (and Why You Shouldn't Let Them)Jordanhttp://www.blogger.com/profile/09317580042468804874noreply@blogger.comBlogger59125tag:blogger.com,1999:blog-33242194251147061.post-66919887914349982682015-01-14T07:20:28.754-06:002015-01-14T07:20:28.754-06:00Another product to use is ShieldToGo which has the...Another product to use is ShieldToGo which has the added advantage of being a usb based password manager which keeps your passwords away from the cloud and also provides up to 8GB encrypted storage.Techblogger2https://www.blogger.com/profile/15798415595025480520noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-58148704106544741492015-01-10T05:29:42.598-06:002015-01-10T05:29:42.598-06:00I created a malicious browser extension for Firefo...I created a malicious browser extension for Firefox 2 years ago, it was able to grab the passwords protected by the master password - just after the user unlocked it. The code to steal it was super easy. https://github.com/Z6543/ZombieBrowserPack/blob/master/full/client/firefox/chrome/content/browserOverlay.js<br /><br />Also, Citadel is targeting Keepass and Password Safe nowadays. http://arstechnica.com/security/2014/11/citadel-attackers-aim-to-steal-victims-master-passwords/<br /><br />Morale of the story: your passwords are not safe when your computer is infected with malware.<br /><br />Zhttps://www.blogger.com/profile/12373001166765443215noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-86407242440728510282014-08-09T14:23:25.011-05:002014-08-09T14:23:25.011-05:00It says win32 crypt is not installed. I tried to s...It says win32 crypt is not installed. I tried to search for it on google but couldn&#39;t find any thing for windowsM.S. krishna deepakhttps://www.blogger.com/profile/15538551185176596044noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-82660196506365177202014-07-15T02:21:29.388-05:002014-07-15T02:21:29.388-05:00Thank you so much for giving great information .Thank you so much for giving great information .Paul Brightonhttps://www.blogger.com/profile/08135681663817466078noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-5651341330735803422014-07-03T14:58:31.141-05:002014-07-03T14:58:31.141-05:00What version of python works best with this script...What version of python works best with this script? I&#39;m working on 3.4 and i get syntax errors on line 36 every time. Tried manipulating the spaces but no good on it. Any idea?Tarren Luvenehttps://www.blogger.com/profile/17796982260845038160noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-30883058482337670502014-05-31T20:01:18.295-05:002014-05-31T20:01:18.295-05:00Hi all, How to work this ffpasscracker in win7? Di...Hi all, How to work this ffpasscracker in win7? Did anyone try it ? i cant decrypt data. If someone know about this. can u give me some hint or advice Davaahttps://www.blogger.com/profile/04481643792933193077noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-12737328699763889292014-05-21T04:41:40.762-05:002014-05-21T04:41:40.762-05:00Prenom Nom maybe u should insatll pywin32 same as ...Prenom Nom maybe u should insatll pywin32 same as your python version and work it. It&#39;s working no problem. Davaahttps://www.blogger.com/profile/04481643792933193077noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-28835575541177193902014-05-19T02:00:08.461-05:002014-05-19T02:00:08.461-05:00This comment has been removed by the author.Davaahttps://www.blogger.com/profile/04481643792933193077noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-45632970267833593602014-05-15T20:14:29.766-05:002014-05-15T20:14:29.766-05:00Hi,
I have an error when I use python script :
...Hi,<br /><br />I have an error when I use python script :<br /><br /> password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1]<br />pywintypes.error: (-2146893813, &#39;CryptUnprotectData&#39;, &#39;Key not valid for use in specified state&#39;.&#39;)<br /><br />I also tried in adminstrator.<br /><br />Do you know where it can come ?<br /><br />RegardsPrenom Nomhttps://www.blogger.com/profile/17067993055263828004noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-48602329832688208282014-05-11T02:13:18.003-05:002014-05-11T02:13:18.003-05:00This comment has been removed by the author.Davaahttps://www.blogger.com/profile/04481643792933193077noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-53855121984455460642014-04-22T04:13:29.245-05:002014-04-22T04:13:29.245-05:00Nice info. Today I learned something new. Thanks f...Nice info. Today I learned something new. Thanks for sharing.<br /><br /><a href="http://www.tech2cool.com/computer" rel="nofollow">Online computer shop</a>Connie Garrickhttps://www.blogger.com/profile/07292627247944208743noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-61549033532672691762014-04-15T07:56:30.705-05:002014-04-15T07:56:30.705-05:00I also don&#39;t think that the other browsers hav...I also don&#39;t think that the other browsers have a much higher security level. You have to have control over you system. When this is not the case the security mechanisms would not help you much.<br />You also can have a vault with a master key for the passwords. But when the key for the vault is in another vault and the key for the second vault is on the system, this would not help you much, even if it looks like great security features.<br />The key is that no one has access to your system. If this is the case, then the security of chrome is good.<br />If anyone has access to your system, then nothing can help you, as the atacker can even get access to the master key for firefox, by just changing some files of firefox.Manuelhttps://www.blogger.com/profile/14374633995052963499noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-79454713271816127332014-03-22T14:16:08.526-05:002014-03-22T14:16:08.526-05:00Davaa,
The post mentions that if a master passwor...Davaa,<br /><br />The post mentions that if a master password is not set, the null value &quot;&quot; is used. This makes it trivial to extract the passwords.<br /><br />As the post mentions, you can use Firemaster or ffpasscracker to do this.Jordanhttps://www.blogger.com/profile/09317580042468804874noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-13810891697654803782014-03-21T23:57:33.838-05:002014-03-21T23:57:33.838-05:00This comment has been removed by the author.Davaahttps://www.blogger.com/profile/04481643792933193077noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-6226513184642440262014-03-16T13:14:59.475-05:002014-03-16T13:14:59.475-05:00This comment has been removed by the author.Davaa0629https://www.blogger.com/profile/04481643792933193077noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-69428707290449964812014-02-11T04:30:32.302-06:002014-02-11T04:30:32.302-06:00Please give me mozila password recovery python cod...Please give me mozila password recovery python code for windows XP &amp; others. Saurav Senhttps://www.blogger.com/profile/08004015398539885176noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-17937917491128451822014-01-16T13:29:18.734-06:002014-01-16T13:29:18.734-06:00This comment has been removed by a blog administrator.Alex Goldhttps://www.blogger.com/profile/14955090487963536663noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-37602251826809786292013-10-27T14:36:16.205-05:002013-10-27T14:36:16.205-05:00Hey, saw your article and it was really helpful in...Hey, saw your article and it was really helpful in understanding how the passwords are stored. I did notice though that there is no link when you mention &quot;To use this on Windows, you can use these cygwin DLL&#39;s.&quot; when talking about ffpasscracker. Also, my attempts at converting this to Windows as a personal experiment with the necessary dll files have resulted in &quot;WindowsError: Exception: access violation writing 0x00000000 when any libnss calls are done. Would you know offhand what could cause such errors or should I guide this question to the creator of that proof of concept?nahttps://www.blogger.com/profile/09398995814113758527noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-57243504441227133412013-10-26T14:48:19.230-05:002013-10-26T14:48:19.230-05:00well ,here it is explained in detail how to view s...well ,here it is explained in detail how to view saved passwords in chrome- http://www.superpctricks.com/2013/06/how-to-view-all-saved-passwords-in.htmlAmar pawarhttps://www.blogger.com/profile/08165199092170472771noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-54161233562000585072013-10-04T02:19:46.543-05:002013-10-04T02:19:46.543-05:00Nice post with awesome points! Can’t wait for the ...Nice post with awesome points! Can’t wait for the next one.<br /><br /><a href="http://www.onlinemarket360.com/products/Toshiba-%252d-15.6%22-Tecra-Notebook-%252d-4-GB-Memory-%252d-320-GB-Hard-Drive-%252d-Graphite-Black-Metallic.html/" title="Toshiba - 15.6" rel="nofollow">Toshiba - 15.6&quot; Tecra Notebook - 4 GB Memory - 320 GB Hard Drive - Graphite Black Metallic</a><br><br /><a href="http://www.onlinemarket360.com/products/Toshiba-%252d-14.4%22-Satellite-Laptop-%252d-6GB-Memory-%252d-256GB-Solid-State-Drive-%252d-Midnight-Silver.html/" title="Toshiba - 14.4" rel="nofollow">Toshiba - 14.4&quot; Satellite Laptop - 6GB Memory - 256GB Solid State Drive - Midnight Silver</a><br />Jerry Genehttps://www.blogger.com/profile/03544003491166166039noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-82927808981714027772013-09-02T03:30:25.703-05:002013-09-02T03:30:25.703-05:00I have been looking the World Wide Web for this in...I have been looking the World Wide Web for this information and I want to thank you for this post. <a href="http://www.linkwheel.pro/" rel="nofollow">link wheel services</a>spark davidhttps://www.blogger.com/profile/12325848485908313230noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-32355787504868798542013-08-20T12:58:49.945-05:002013-08-20T12:58:49.945-05:00This is helpful, however, it doesn&#39;t seem like...This is helpful, however, it doesn&#39;t seem like you considered Chrome with the Sync Passphrase in effect. Also, you recommend password managers, but most people will use those with the &#39;remember me&#39; option checked--so I&#39;m wondering if Chrome is actually a better option in those cases. <br /><br />Here&#39;s a security.stackexchange question I&#39;m trying to get an authoritative answer on: http://security.stackexchange.com/q/40884/25338brenton strinehttps://www.blogger.com/profile/06836081061894128751noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-44653050484509942432013-08-17T21:43:58.189-05:002013-08-17T21:43:58.189-05:00Could you do an analysis on less popular browsers ...Could you do an analysis on less popular browsers like Safarai or Opera (12.x) as well?toudokuhttps://www.blogger.com/profile/06652057263385502398noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-29497755431264649152013-08-05T13:32:50.979-05:002013-08-05T13:32:50.979-05:00This comment has been removed by the author.Andrew Zitnayhttps://www.blogger.com/profile/05516258106935450199noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-53415371360032042972013-08-01T14:30:40.407-05:002013-08-01T14:30:40.407-05:00Did you by chance have a look at how well the mast...Did you by chance have a look at how well the master password is protected in Firefox&#39;s memory? A trojan (or a shoulder surfer who found his colleague&#39;s PC unlocked) should not have a hard time installing a Firefox addon. And since Firefox does not need to restart for installing and uninstalling most addons, if the master password is accessible via the extension API, it might be stolen that way without restarting Firefox at all.<br /><br />Yes, I am aware that Firefox can show you a list of all stored passwords if you have already entered the master password, but you cannot copy them and trying to screenshot it in parts may be a bit harder than just copying the master password and the password db might be a lot faster if the user has stored a lot of unmemorizable passwords in his password safe.Unknownhttps://www.blogger.com/profile/06192597732539480187noreply@blogger.com